Vulnerability Description
Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Tomcat | 5.5.0 |
Related Weaknesses (CWE)
References
- http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
- http://marc.info/?l=bugtraq&m=132215163318824&w=2
- http://marc.info/?l=bugtraq&m=133469267822771&w=2
- http://marc.info/?l=bugtraq&m=136485229118404&w=2
- http://marc.info/?l=bugtraq&m=139344343412337&w=2
- http://secunia.com/advisories/44981Vendor Advisory
- http://secunia.com/advisories/48308
- http://secunia.com/advisories/57126
- http://securitytracker.com/id?1025712
- http://support.apple.com/kb/HT5130
- http://tomcat.apache.org/security-5.htmlVendor Advisory
- http://tomcat.apache.org/security-6.htmlVendor Advisory
- http://tomcat.apache.org/security-7.htmlVendor Advisory
- http://www.debian.org/security/2012/dsa-2401
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:156
FAQ
What is CVE-2011-2204?
CVE-2011-2204 is a vulnerability with a CVSS score of 1.9 (LOW). Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation...
How severe is CVE-2011-2204?
CVE-2011-2204 has been rated LOW with a CVSS base score of 1.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-2204?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Tomcat.